{"id":"https://openalex.org/W4385884967","doi":"https://doi.org/10.1109/tse.2023.3305244","title":"VulExplainer: A Transformer-Based Hierarchical Distillation for Explaining Vulnerability Types","display_name":"VulExplainer: A Transformer-Based Hierarchical Distillation for Explaining Vulnerability Types","publication_year":2023,"publication_date":"2023-08-16","ids":{"openalex":"https://openalex.org/W4385884967","doi":"https://doi.org/10.1109/tse.2023.3305244"},"language":"en","primary_location":{"id":"doi:10.1109/tse.2023.3305244","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tse.2023.3305244","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Software Engineering","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5102710465","display_name":"Michael C. Fu","orcid":"https://orcid.org/0000-0001-7211-3491"},"institutions":[{"id":"https://openalex.org/I56590836","display_name":"Monash University","ror":"https://ror.org/02bfwt286","country_code":"AU","type":"education","lineage":["https://openalex.org/I56590836"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"Michael Fu","raw_affiliation_strings":["Faculty of Information Technology, Monash University, Melbourne, Australia"],"affiliations":[{"raw_affiliation_string":"Faculty of Information Technology, Monash University, Melbourne, Australia","institution_ids":["https://openalex.org/I56590836"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100769134","display_name":"Van Nguyen","orcid":"https://orcid.org/0000-0002-5838-3409"},"institutions":[{"id":"https://openalex.org/I56590836","display_name":"Monash University","ror":"https://ror.org/02bfwt286","country_code":"AU","type":"education","lineage":["https://openalex.org/I56590836"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Van Nguyen","raw_affiliation_strings":["Faculty of Information Technology, Monash University, Melbourne, Australia"],"affiliations":[{"raw_affiliation_string":"Faculty of Information Technology, Monash University, Melbourne, Australia","institution_ids":["https://openalex.org/I56590836"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5081449581","display_name":"Chakkrit Tantithamthavorn","orcid":"https://orcid.org/0000-0002-5516-9984"},"institutions":[{"id":"https://openalex.org/I56590836","display_name":"Monash University","ror":"https://ror.org/02bfwt286","country_code":"AU","type":"education","lineage":["https://openalex.org/I56590836"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Chakkrit Kla Tantithamthavorn","raw_affiliation_strings":["Faculty of Information Technology, Monash University, Melbourne, Australia"],"affiliations":[{"raw_affiliation_string":"Faculty of Information Technology, Monash University, Melbourne, Australia","institution_ids":["https://openalex.org/I56590836"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102780660","display_name":"Trung Le","orcid":"https://orcid.org/0000-0003-0414-9067"},"institutions":[{"id":"https://openalex.org/I56590836","display_name":"Monash University","ror":"https://ror.org/02bfwt286","country_code":"AU","type":"education","lineage":["https://openalex.org/I56590836"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Trung Le","raw_affiliation_strings":["Faculty of Information Technology, Monash University, Melbourne, Australia"],"affiliations":[{"raw_affiliation_string":"Faculty of Information Technology, Monash University, Melbourne, Australia","institution_ids":["https://openalex.org/I56590836"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5036447132","display_name":"Dinh Phung","orcid":"https://orcid.org/0000-0002-9977-8247"},"institutions":[{"id":"https://openalex.org/I56590836","display_name":"Monash University","ror":"https://ror.org/02bfwt286","country_code":"AU","type":"education","lineage":["https://openalex.org/I56590836"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Dinh Phung","raw_affiliation_strings":["Faculty of Information Technology, Monash University, Melbourne, Australia"],"affiliations":[{"raw_affiliation_string":"Faculty of Information Technology, Monash University, Melbourne, Australia","institution_ids":["https://openalex.org/I56590836"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5102710465"],"corresponding_institution_ids":["https://openalex.org/I56590836"],"apc_list":null,"apc_paid":null,"fwci":22.6746,"has_fulltext":false,"cited_by_count":50,"citation_normalized_percentile":{"value":0.99494288,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":97,"max":100},"biblio":{"volume":"49","issue":"10","first_page":"4550","last_page":"4565"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9927999973297119,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9843999743461609,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7067502737045288},{"id":"https://openalex.org/keywords/aka","display_name":"AKA","score":0.5313112735748291},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.5222728252410889},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5173189640045166},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.49205559492111206},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.486361563205719},{"id":"https://openalex.org/keywords/transformer","display_name":"Transformer","score":0.41909411549568176},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.33264651894569397},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.1253984272480011},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.11552822589874268},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.08202320337295532}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7067502737045288},{"id":"https://openalex.org/C121158502","wikidata":"https://www.wikidata.org/wiki/Q4652161","display_name":"AKA","level":2,"score":0.5313112735748291},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5222728252410889},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5173189640045166},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.49205559492111206},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.486361563205719},{"id":"https://openalex.org/C66322947","wikidata":"https://www.wikidata.org/wiki/Q11658","display_name":"Transformer","level":3,"score":0.41909411549568176},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.33264651894569397},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.1253984272480011},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.11552822589874268},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.08202320337295532},{"id":"https://openalex.org/C161191863","wikidata":"https://www.wikidata.org/wiki/Q199655","display_name":"Library science","level":1,"score":0.0},{"id":"https://openalex.org/C165801399","wikidata":"https://www.wikidata.org/wiki/Q25428","display_name":"Voltage","level":2,"score":0.0},{"id":"https://openalex.org/C119599485","wikidata":"https://www.wikidata.org/wiki/Q43035","display_name":"Electrical engineering","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tse.2023.3305244","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tse.2023.3305244","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Software Engineering","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/4","display_name":"Quality Education","score":0.4300000071525574}],"awards":[{"id":"https://openalex.org/G4416570303","display_name":null,"funder_award_id":"DE200100941","funder_id":"https://openalex.org/F4320334704","funder_display_name":"Australian Research Council"}],"funders":[{"id":"https://openalex.org/F4320334704","display_name":"Australian Research Council","ror":"https://ror.org/05mmh0f86"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":91,"referenced_works":["https://openalex.org/W1533970595","https://openalex.org/W1821462560","https://openalex.org/W1832693441","https://openalex.org/W2047468043","https://openalex.org/W2119191234","https://openalex.org/W2508932077","https://openalex.org/W2743517242","https://openalex.org/W2765407302","https://openalex.org/W2767106145","https://openalex.org/W2781491433","https://openalex.org/W2896457183","https://openalex.org/W2950898568","https://openalex.org/W2962784628","https://openalex.org/W2962960733","https://openalex.org/W2963351448","https://openalex.org/W2963691377","https://openalex.org/W2964015378","https://openalex.org/W2970941190","https://openalex.org/W2971296908","https://openalex.org/W2972135640","https://openalex.org/W2979183801","https://openalex.org/W2982413960","https://openalex.org/W2995197345","https://openalex.org/W3013745307","https://openalex.org/W3034601242","https://openalex.org/W3034933032","https://openalex.org/W3048065912","https://openalex.org/W3083954092","https://openalex.org/W3091588759","https://openalex.org/W3093734859","https://openalex.org/W3096121526","https://openalex.org/W3098605233","https://openalex.org/W3101228802","https://openalex.org/W3112944441","https://openalex.org/W3114566572","https://openalex.org/W3119507053","https://openalex.org/W3122149408","https://openalex.org/W3122855191","https://openalex.org/W3126675481","https://openalex.org/W3134708177","https://openalex.org/W3166095789","https://openalex.org/W3170874841","https://openalex.org/W3174067697","https://openalex.org/W3174366534","https://openalex.org/W3174750614","https://openalex.org/W3177116043","https://openalex.org/W3177200443","https://openalex.org/W3194346579","https://openalex.org/W3195612455","https://openalex.org/W3199263538","https://openalex.org/W3210162706","https://openalex.org/W4205601502","https://openalex.org/W4206241418","https://openalex.org/W4207068100","https://openalex.org/W4210964344","https://openalex.org/W4226087061","https://openalex.org/W4243650394","https://openalex.org/W4287824654","https://openalex.org/W4294443024","https://openalex.org/W4300833946","https://openalex.org/W4312290548","https://openalex.org/W4312436517","https://openalex.org/W4312757223","https://openalex.org/W4312969325","https://openalex.org/W4367059303","https://openalex.org/W4367059627","https://openalex.org/W4385245566","https://openalex.org/W4388826738","https://openalex.org/W4394638297","https://openalex.org/W6631885290","https://openalex.org/W6638523607","https://openalex.org/W6690815549","https://openalex.org/W6719011196","https://openalex.org/W6725434214","https://openalex.org/W6726873649","https://openalex.org/W6739901393","https://openalex.org/W6742725575","https://openalex.org/W6745136726","https://openalex.org/W6760184523","https://openalex.org/W6764733053","https://openalex.org/W6767260250","https://openalex.org/W6768003788","https://openalex.org/W6768920361","https://openalex.org/W6771917389","https://openalex.org/W6780793664","https://openalex.org/W6783227185","https://openalex.org/W6788135285","https://openalex.org/W6790588633","https://openalex.org/W6800580574","https://openalex.org/W6811303365","https://openalex.org/W6853520029"],"related_works":["https://openalex.org/W3014541132","https://openalex.org/W2994737807","https://openalex.org/W2948639032","https://openalex.org/W2948704552","https://openalex.org/W2948403110","https://openalex.org/W3156494719","https://openalex.org/W2909288185","https://openalex.org/W2948123712","https://openalex.org/W4241313390","https://openalex.org/W2948769344"],"abstract_inverted_index":{"Deep":[0],"learning-based":[1],"vulnerability":[2,74,119],"prediction":[3,31,47],"approaches":[4],"are":[5],"proposed":[6],"to":[7,12,28,38,61,107,123,194,235,265],"help":[8],"under-resourced":[9],"security":[10,17],"practitioners":[11,18],"detect":[13],"vulnerable":[14],"functions.":[15],"However,":[16,77],"still":[19],"do":[20],"not":[21],"know":[22],"what":[23],"type":[24,41,64],"of":[25,42,65,87,129,174,198,220,280],"vulnerabilities":[26,43,78],"correspond":[27],"a":[29,35,45,73,98,113,135,163,190,261],"given":[30,46],"(aka":[32],"CWE-ID).":[33],"Thus,":[34,110,152,187],"novel":[36],"approach":[37,60,217,231],"explain":[39,62],"the":[40,63,85,125,175,196,212,221,266,275],"for":[44,117],"is":[48,93],"imperative.":[49],"In":[50],"this":[51],"paper,":[52],"we":[53,111,133,188],"propose":[54],"<italic":[55,69],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[56,70],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">VulExplainer</i>":[57,71],",":[58],"an":[59,208],"vulnerabilities.":[66,131],"We":[67,168],"represent":[68],"as":[72,97,239],"classification":[75,102,120],"task.":[76],"have":[79,162],"diverse":[80],"characteristics":[81],"(i.e.,":[82,146],"CWE-IDs)":[83],"and":[84,158,242,277],"number":[86],"labeled":[88],"samples":[89],"in":[90,121,184],"each":[91,159,173],"CWE-ID":[92],"highly":[94,99,126],"imbalanced":[95,100,127],"(known":[96],"multi-class":[101],"problem),":[103],"which":[104],"often":[105],"lead":[106],"inaccurate":[108],"predictions.":[109],"introduce":[112],"Transformer-based":[114,236,251],"hierarchical":[115,203],"distillation":[116,205,263],"software":[118,130,282],"order":[122],"address":[124],"types":[128,145],"Specifically,":[132],"split":[134],"complex":[136],"label":[137,166],"distribution":[138],"into":[139],"sub-distributions":[140],"based":[141],"on":[142,172],"CWE":[143],"abstract":[144],"categorizations":[147],"that":[148,229],"group":[149,160],"similar":[150,153],"CWE-IDs).":[151],"CWE-IDs":[154],"can":[155,232],"be":[156,233],"grouped":[157],"will":[161],"more":[164],"balanced":[165],"distribution.":[167],"learn":[169],"TextCNN":[170,199],"teachers":[171,200],"simplified":[176],"distributions":[177],"respectively,":[178],"however,":[179],"they":[180],"only":[181,259],"perform":[182],"well":[183],"their":[185],"group.":[186],"build":[189],"transformer":[191],"student":[192],"model":[193,252],"generalize":[195],"performance":[197],"through":[201],"our":[202,216,230,245,271],"knowledge":[204],"framework.":[206],"Through":[207],"extensive":[209],"evaluation":[210],"using":[211],"real-world":[213],"8,636":[214],"vulnerabilities,":[215],"outperforms":[218],"all":[219],"baselines":[222],"by":[223],"5%\u201329%.":[224],"The":[225],"results":[226,269],"also":[227],"demonstrate":[228],"applied":[234],"architectures":[237],"such":[238],"CodeBERT,":[240],"GraphCodeBERT,":[241],"CodeGPT.":[243],"Moreover,":[244],"method":[246],"maintains":[247],"compatibility":[248],"with":[249],"any":[250,255],"without":[253],"requiring":[254],"architectural":[256],"modifications":[257],"but":[258],"adds":[260],"special":[262],"token":[264],"input.":[267],"These":[268],"highlight":[270],"significant":[272],"contributions":[273],"towards":[274],"fundamental":[276],"practical":[278],"problem":[279],"explaining":[281],"vulnerability.":[283]},"counts_by_year":[{"year":2026,"cited_by_count":8},{"year":2025,"cited_by_count":27},{"year":2024,"cited_by_count":11},{"year":2023,"cited_by_count":4}],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-10-10T00:00:00"}